Staff Product Security Engineer
Karnataka, Bengaluru Bridge+ Unit No. 2
Applications have closed
Who We Want:
The Product Security Engineer will be a valued professional within the Stryker organization. They will lead efforts to design, execute, and continually improve the effectiveness of the vulnerability management processes for Stryker products. This Engineer will develop strategies and plans to create, sustain, and optimize the various aspects of vulnerability management including roles, processes, and technologies for Stryker medical devices and advanced solutions including AI, XR, and IoMT. This role will develop and optimize automated solutions for the generation of software bills of material, continuous vulnerability monitoring, and vulnerability resolution processes throughout the product lifecycle.
What You Will Do:
- Create and own strategies that prioritize objectives for creating effective vulnerability management processes across the entire lifecycle of medical devices and associated solutions.
- Develop efficient solutions for determining the disposition of vulnerabilities produced through internal assessments and analysis efforts throughout the product lifecycle.
- Guide product development teams in completing overall vulnerability management procedures within a defined security risk management process.
- Work with product teams and product security services teams to develop and optimize the generation, repositories, and version management of software bills of material (SBOM) for a variety of medical device technologies.
- Design and implement SBOM configuration management solutions to enable continuous vulnerability management processes.
- Develop and own the policy and process of coordinated vulnerability disclosure.
- Review the current state and desired state of vulnerability assessment capabilities to define a roadmap of needed improvements.
- Work with tool vendors to develop and implement vulnerability management solutions associated with in-market medical devices and health software products.
- Develop standards and internal guidance for the timeliness of security patches for medical products and related systems.
- Apply regulatory guidance and industry best practices to drive strategies for product security procedures and work instructions.
- Provide product security guidance and leadership to internal taskforce teams.
- Collaborate with product teams to assess security risks and drive design decisions for new products and related systems based on vulnerability assessment results.
- Develop and deliver presentations and communications to clearly convey security topics up to the senior leadership level.
- Collaborate with Stryker enterprise functions to leverage domain expertise and capabilities and identify areas of opportunity.
- Recommend efficiency and process improvements to product security capabilities and functions.
Knowledge and Capabilities:
- Demonstrated knowledge of various vulnerability management aspects including SBOM generation, vulnerability assessments, threat modeling, security risk assessment processes, and security patching best practices.
- Proficient in identifying security vulnerabilities across several areas of computing such as cloud, distributed applications, embedded systems, or IoT.
- Thorough understanding of the current revisions of NIST, ISO, and other related security frameworks especially those that apply to vulnerability management.
- Proven experience building successful working relationships with internal and external personnel in various departments.
- Expertise in applying security control frameworks, security risk assessments, and scoring the severity of security threats and vulnerabilities.
- Proficient in using one or more vulnerability scanning tools.
- Proven expertise working with product development teams in a broad number of computing environments.
- Excellent written and verbal communication skills.
- Proven ability to facilitate meetings to accomplish goals and objectives in a collaborative environment.
- Proven ability to develop and analyze procedural documents and associated artifacts.
- Demonstrated ability to understand and communicate how objectives fit into broader organizational goals, prioritize tasks, and develop timelines and work estimates.
What You Will Need:
- Bachelor's Degree in product security, computer science, mathematics, statistics, or related field
- 8+ years of applicable (product) security work experience required.
- Understands security risk management processes preferably in the healthcare or medical device industry.
- Direct experience working in a product focused vulnerability management process.
- One or more active, industry recognized, and relevant cybersecurity certifications.
Tags: Cloud Computer Science IoT Mathematics Monitoring NIST Product security Risk assessment Risk management SBOM Vulnerabilities Vulnerability management